cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Employee
Employee

Web API - setting track level

Jump to solution

Hi CheckMates,

 

Encountered an issue with Management API while creating a rule via Web API.

Trying to set track level according to https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/set-access-rule~v1.5%20   , track field is able to receive "log"  (even though it seems not to be documented).

However, it automatically switches on "Accounting" log feature as well.

Trying to adjust the accounting setting results in an error.

 

Any thoughts how it can be resolved?

 

Sent payload that creates a rule with logging enabled plus accounting:

payload_For_API = {
"layer": "Network",
"position": "top",
"name": "API 1",
"action": "Accept",
"destination": "hst_dst_1.10.1.100",
"service": "Kubernetes1",
"enabled": True,
"source": "Any",
"track": "log"
}

 

Trying to use track.type (as in https://community.checkpoint.com/t5/Policy-Management/change-to-Track-setting-in-policy/m-p/47958#M2...) results in 

{'code': 'generic_err_invalid_parameter_name', 'message': 'Unrecognized parameter [track.type]'}

 

Trying to configure track using additional fields:

{'code': 'generic_err_invalid_parameter', 'message': 'Invalid parameter for [track]. The invalid value [ "accounting" : False }] should be replaced by one of the following values: [none, log, extended log, detailed log]'}

or:

{'code': 'generic_err_invalid_parameter', 'message': 'Invalid parameter for [track]. The invalid value [ "log" , {"accounting" : False }] should be replaced by one of the following values: [none, log, extended log, detailed log]'}

 

Thanks,

Vlad Tonne

1 Solution

Accepted Solutions

Re: Web API - setting track level

Jump to solution

@Vlad_Tonne , @Maik ,

Which version are we talking about?

Here are commands that worked for me on R80.30.

 

mgmt_cli:

mgmt_cli add access-rule layer "Network" position 1 name "Rule 1" track.type "Log" track.accounting true

 

Web Services:

  {
"name": "amiad rule1",
"position" : 1,
"track": {
"accounting": true,
"type": "Log"
},
"layer": "Network"
}

8 Replies

Re: Web API - setting track level

Jump to solution
try to use "track.accounting true"
Regards, Maarten
0 Kudos
Maik
Silver

Re: Web API - setting track level

Jump to solution

As Maarten mentioned "track.accounting true" should work fine.

The documentation mentions that accounting only accepts boolean values; meaning true or false.

The "type" option can only be used with "Log", "Extended Log", "Detailed Log" or "None".

Unbenannt.PNG

Employee
Employee

Re: Web API - setting track level

Jump to solution

Hi,

 

Usage of "track.accounting" results in error.

 

"track": "log",
"track.accounting": False

{'layer': 'Network', 'position': 'top', 'name': 'API 1', 'action': 'Accept', 'destination': 'hst_dst_1.10.1.100', 'service': 'Kubernetes1', 'enabled': True, 'source': 'Any', 'track': 'log', 'track.accounting': False}

{'code': 'generic_err_invalid_parameter_name', 'message': 'Unrecognized parameter [track.accounting]'} 

 

BR,

Vlad Tonne.

 

0 Kudos
Maik
Silver

Re: Web API - setting track level

Jump to solution

Works via management cli:

 

"add access-rule name 'Test' layer Network position bottom track.accounting true"

 

My guess is that you cant use both statements with one task:

"track": "log",
"track.accounting": False

 

Try to create the rule with track log first and afterwards use the set access rule command and enable account via "track.accounting": True.

Employee
Employee

Re: Web API - setting track level

Jump to solution
Already tried that.
Still same issue when doing the setting via Web API.

BR,
Vlad
0 Kudos
Maik
Silver

Re: Web API - setting track level

Jump to solution

Maybe @Amiad_Stern can help.

0 Kudos

Re: Web API - setting track level

Jump to solution

@Vlad_Tonne , @Maik ,

Which version are we talking about?

Here are commands that worked for me on R80.30.

 

mgmt_cli:

mgmt_cli add access-rule layer "Network" position 1 name "Rule 1" track.type "Log" track.accounting true

 

Web Services:

  {
"name": "amiad rule1",
"position" : 1,
"track": {
"accounting": true,
"type": "Log"
},
"layer": "Network"
}

Employee
Employee

Re: Web API - setting track level

Jump to solution
Rule creation worked without accounting, upon setting:
payload_For_API = {
"name": "amiad rule1",
"position" : 1,
"track": {
"accounting": False,
"type": "Log"
},
"layer": "Network"
}

It might be worthwhile to add in API documentation "required" for "type" when additional flags like "accounting" are to be used.

Thanks,
Vlad
0 Kudos